PT-2007-6606 · Unknown · Xscreensaver+1

Published

2007-10-19

Updated

2008-09-05

CVE-2007-5585

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions xscreensaver versions 5.03 and earlier

Description The issue occurs when xscreensaver is running without xscreensaver-gl-extras installed. If the /usr/bin/xscreensaver-gl-helper file does not exist and a user attempts to unlock the screen, xscreensaver crashes. This crash allows attackers with physical access to gain access to the locked session.

Recommendations For xscreensaver versions 5.03 and earlier, consider installing xscreensaver-gl-extras to mitigate the risk of exploitation. As a temporary workaround, ensure the /usr/bin/xscreensaver-gl-helper file exists to prevent the crash.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2007-5585

DTSA-83-1

Affected Products

Xscreensaver

Xscreensaver-Gl-Extras

PT-2007-6606 · Unknown · Xscreensaver+1

CVE-2007-5585

Weakness Enumeration

Related Identifiers

Affected Products

References · 8